1. Field of the Invention
The invention relates to data transfer through computer networks and, in particular, to a mechanism by which a specific intended recipient of a delivered document can be authenticated without prior participation by the intended recipient.
2. Description of the Related Art
The Internet has grown tremendously in recent years, both in terms of number of users and the amount of data transferred through the Internet. Originally, the Internet was a data transfer medium for academia and then engineers and private users grew in use and familiarity with the Internet. Increasingly, the Internet is becoming an acceptable communication medium for business. However, business users demand more confidentiality and traceability of communication.
Business users often communicate sensitive, confidential, and proprietary information and, accordingly, expect such communication to be secure from unauthorized eavesdropping. In addition, business users expect to be able to store records tracing correspondence. Accordingly, for the Internet to provide a medium for business communication, Internet-based communication must be made secure and traceable.
The primary medium for person-to-person communication through the Internet is e-mail, using the simple mail transfer protocol (SMTP) and the post office protocol (POP). Internet e-mail is text-based. Only textual data in ASCII format is transferrable according to SMTP, Binary, non-textual files can be transferred through SMTP, but only after encoding the binary files in a textual format. Such can be done, for example, using uuencode, BinHex, or Base 64 encoding. However, it is the responsibility of the receiving user to decode the textual format to reconstruct the binary file. Most currently available e-mail readers provide the ability to encode and decode binary files according to the more popular encoding protocols; however, such introduces the possibility that encoding and decoding can introduce errors in the attached binary files. In particular, some e-mail routers can determine that some characters are non-essential, such as trailing spaces, and alter the textual data as the e-mail message passes through. Such can introduce errors in a binary file encoded in a textual format where such characters are, in fact, essential.
Furthermore, e-mail messages are not easily traceable. A sender of an e-mail message can request a return receipt indicating that the recipient received the message, but the recipient can cause her e-mail reader to refuse to send such a return receipt. In addition, a particular e-mail reader may not support return receipts.
Most importantly, e-mail through the Internet is not secure. Information transferred through the Internet can be snooped, i.e., the information can be read as the information is passed from router to router through the Internet. Encrypting information transferred through the Internet makes snooping of the information significantly more difficult. Unfortunately, such encrypting also makes sending information through the Internet significantly more difficult. For example, the sender and recipient must agree as to which of the multitude of encryption types to use. The sender must encrypt a binary file before sending the encrypted binary file through e-mail as an encoded binary attachment in textual form. The recipient must decode the attached binary file and decrypt the decoded binary file to recover the original binary file.
While e-mail readers are increasingly supporting encryption and decryption of attached binary files, such support is neither uniform nor standardized. In general, users must separately acquire, install, and use whatever encryption software is required. Most new users of the Internet are novice computer users and such selection, acquisition, installation, and use of encryption software is a daunting task. When the objective is a simple message to a colleague, encryption and security are all-too-often simply bypassed.
Accordingly, Internet e-mail is an unsatisfactory solution for business communication. Web-based communication is similarly unsatisfactory.
The World Wide Web (WWW or “the Web”) is a portion of the Internet in which information is cataloged and cross-referenced by including links within documents to reference other documents. Information transfer through the Web is according to the HyperText Markup Language (HTML). An emerging markup language is the Extensible Markup Language (XML). Both are types of Standard Generalized Markup Languages (SGMLs).
Information transfers through the Web can be secure and can be in a native, binary data format. Secure information transfer uses the known Secure Sockets Layer (SSL). While e-mail transfers information according to a “push” paradigm in which the information transfer is driven by the sender, information transfer through the Web is recipient-driven according to a “pull” paradigm. Therefore, a message directed from one user to another is not readily implemented through the Web.
Web-based e-mail has grown recently in popularity. One of the major advantages of web-based e-mail is that web-based e-mail is retrievable anywhere one has access to a web browser. However, sending information using web-based e-mail has a few disadvantages. First, web-based e-mail still uses regular e-mail servers and routers to transfer e-mail, so the messages still travel through unsecured channels and must go through encoding/decoding. Second, web-based e-mail is recipient selected; specifically, the recipient must have established a web-based e-mail account. The sender cannot specify that a message be sent through web-based e-mail unless the recipient has already established a web-based e-mail account.